CVE-2017-6363

8.1 HIGH

📋 TL;DR

CVE-2017-6363 is a heap-based buffer over-read vulnerability in the GD Graphics Library's TIFF writer function. This allows attackers to read sensitive memory contents, potentially leading to information disclosure or system crashes. Any application using vulnerable versions of libgd to process TIFF images is affected.

💻 Affected Systems

Products:
  • GD Graphics Library (libgd)
  • Applications using libgd for TIFF processing
Versions: libgd through 2.2.5
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Vendor considers GD/GD2 formats obsolete, but TIFF support may still be enabled in applications.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution through memory corruption, complete system compromise, or sensitive data exfiltration from process memory.

🟠 Likely Case: Application crashes (denial of service) or limited information disclosure from adjacent memory regions.

🟢 If Mitigated: Minimal impact if proper input validation and memory protections are enabled, potentially just crashes.

🌐 Internet-Facing: MEDIUM - Requires processing malicious TIFF images, but many web applications use GD for image manipulation.
🏢 Internal Only: LOW - Typically requires user interaction or specific image processing workflows.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious TIFF images and triggering the vulnerable code path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: libgd 2.2.6 and later

Vendor Advisory: https://github.com/libgd/libgd/issues/383

Restart Required: Yes

Instructions:

1. Update libgd to version 2.2.6 or later.
2. For Linux: use the package manager (apt-get upgrade libgd3, yum update gd).
3. For source builds: download from libgd.org and recompile.
4. Restart affected applications.

🔧 Temporary Workarounds

Disable TIFF support (platform: linux)

Recompile libgd without TIFF support using the --without-tiff configure flag:

    ./configure --without-tiff
    make
    make install

Input validation (platform: all)

Implement strict validation of TIFF images before processing.

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems
  • Use web application firewalls to block malicious TIFF uploads

🔍 How to Verify

Check if Vulnerable:

Check the libgd version with gdlib-config --version, or query the package manager.

Check Version:

gdlib-config --version 2>/dev/null || dpkg -l | grep libgd || rpm -qa | grep gd

Verify Fix Applied:

Confirm version is 2.2.6 or higher and test with known malicious TIFF samples
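As an added example (not part of this advisory), a POSIX shell script that automates the version check above and compares components numerically, so a release such as 2.2.10 is not misread as older than 2.2.6. The package names libgd3 and gd are the ones the advisory uses for apt and yum; the dpkg-query and rpm invocations are assumptions about the host's packaging tools.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a libgd version string as
# affected or not by CVE-2017-6363 (the advisory gives 2.2.6 as the fixed release).
FIXED_VERSION="2.2.6"

# vercmp A B: prints -1, 0 or 1 for A<B, A==B, A>B. Compares dot-separated
# numeric components, so "2.2.10" sorts after "2.2.6" (a plain string or grep
# comparison would not). Debian epochs ("1:") and package suffixes such as
# "-4ubuntu0.5" or "+dfsg" are stripped first; a trailing "." is appended so
# cut always sees a delimiter and reports missing fields as empty.
vercmp() {
  a=$(printf '%s' "$1" | sed 's/^[0-9]*://; s/[^0-9.].*//').
  b=$(printf '%s' "$2" | sed 's/^[0-9]*://; s/[^0-9.].*//').
  i=1
  while :; do
    x=$(printf '%s' "$a" | cut -d. -f"$i")
    y=$(printf '%s' "$b" | cut -d. -f"$i")
    if [ -z "$x" ] && [ -z "$y" ]; then printf '%s\n' 0; return; fi
    if [ "${x:-0}" -lt "${y:-0}" ]; then printf '%s\n' -1; return; fi
    if [ "${x:-0}" -gt "${y:-0}" ]; then printf '%s\n' 1; return; fi
    i=$((i + 1))
  done
}

# libgd_is_vulnerable VERSION: true (exit 0) when VERSION is below 2.2.6.
libgd_is_vulnerable() {
  [ "$(vercmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# installed_libgd_version: best-effort lookup on this host, trying the same
# sources the advisory lists (gdlib-config, then dpkg, then rpm). Assumed tooling.
installed_libgd_version() {
  gdlib-config --version 2>/dev/null && return
  dpkg-query -W -f '${Version}\n' libgd3 2>/dev/null && return
  rpm -q --qf '%{VERSION}\n' gd 2>/dev/null
}

# check_libgd [VERSION]: report on the given version, or the installed one.
# Returns 0 if not affected, 1 if affected, 2 if no version could be found.
check_libgd() {
  v=${1:-$(installed_libgd_version)}
  if [ -z "$v" ]; then echo "libgd not found"; return 2; fi
  if libgd_is_vulnerable "$v"; then
    echo "libgd $v is in the affected range (fixed in $FIXED_VERSION)"; return 1
  fi
  echo "libgd $v is not affected"
}

# Runs only when given an argument (sh check_libgd.sh 2.2.5); harmless when sourced.
if [ $# -gt 0 ]; then check_libgd "$1"; fi
```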

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory access violation errors
  • Unusual TIFF file processing

Network Indicators:

  • Unexpected TIFF file uploads to web applications
  • TIFF files with abnormal headers

SIEM Query:

source="application.log" ("segmentation fault" OR "SIGSEGV") AND ("libgd" OR "gd_tiff")
